Fix previous; the old cpuspeed was in MHz by the end of cpu_startup(),
not MHz*10 (despite being MHz*10 earlier in startup).
Also, don't const-fold by hand; let the compiler do it so that it's
more obvious what is going on.
chat/soju: update to 0.10.1
# changes
0.10.1:
- upstream: fix delay after connect commands
- upstream: clean up upstreamConn.runUntilRegistered()
- user: also delay channel joining when authenticating via certificate
- cmd/sojuctl: fix fmt.Errorf format strings
- downstream: fetch Server.Config once in downstreamConn.welcome
- Consistently log STATUSMSG messages to the same file
0.10.0:
- The default configuration file now stores messages in the database instead of the filesystem.
- Add support for IRCv3 draft/message-redaction and draft/ICON.
- Introduce a new soju.im/blocked IRCv3 metadata key to block messages originating from a specific user.
- Avoid unnecessary Web Push notifications (e.g. when quickly marked read, for muted conversations, etc).
- Add workaround to delay joining channels after -connect-command on legacy servers (e.g. for channels requiring NickServ authentication).
[12 lines not shown]
Add mmu_range_is_tt() helper function that consults the TT register
configuration to determine if a physical address range is transparently-
translated for the specified access.
(missed "cvs add")
Add mmu_range_is_tt() helper function that consults the TT register
configuration to determine if a physical address range is transparently-
translated for the specified access.
py-wheel: updated to 0.47.0
0.47.0
- Added the ``wheel info`` subcommand to display metadata about wheel files without
unpacking them
- Fixed ``WheelFile`` raising ``Missing RECORD file`` when the wheel filename contains
uppercase characters (e.g. ``Django-3.2.5.whl``) but the ``.dist-info`` directory
inside uses normalized lowercase naming
py-simplejson: updated to 4.1.0
Version 4.1.0 released 2026-04-22
* The C extension now accelerates encoding when ``indent=`` is set.
Previously the encoder fell back to the pure-Python implementation
whenever a non-None ``indent`` was passed; now the C encoder emits
the newline-plus-indent prefix, the level-aware item separator, and
the closing indent directly. A representative nested-dict workload
benchmarks about 4-5x faster end-to-end, and the ``indent=0`` and
empty-container edge cases continue to match the Python output
byte-for-byte.
* The C extension now emits PEP 678 ``exc.add_note()`` annotations on
serialization failures, matching the pure-Python encoder. A chained
error on ``{'a': [1, object(), 3]}`` produces the same three notes
(``when serializing object object``, ``when serializing list item 1``,
``when serializing dict item 'a'``) whether the speedups are loaded
or not, so the add_note assertions in ``test_errors.py`` no longer
need ``indent=2`` to force the Python path.
py-scrapy: updated to 2.15.1
Scrapy 2.15.1 (2026-04-23)
Bug fixes
- Sharing of the SSL context between multiple connections, introduced in
Scrapy 2.15.0, is reverted as it caused problems and wasn't actually
needed.
- Fixed :meth:`scrapy.settings.BaseSettings.getwithbase` failing on keys with
dots that aren't import names. It now works the way it worked before Scrapy
2.15.0, without trying to match class objects and import path. A separate
method,
:func:`~scrapy.settings.BaseSettings.get_component_priority_dict_with_base`,
was added that does that, and it is now used for :ref:`component priority
dictionaries <component-priority-dictionaries>`.
- Documentation rendering improvements.
py-faker: updated to 40.15.0
40.15.0 - 2026-04-17
* Add job providers for `ar_DZ` and `fr_DZ` locales
* Add company providers for `ar_DZ` and `fr_DZ` locales
* Add geo providers for `ar_DZ` and `fr_DZ` locales
* Add currency providers for `ar_DZ` and `fr_DZ` locales
* Add `date_time` provider for `ar_DZ` locale
* Add ssn providers for `ar_DZ` and `fr_DZ` locales
py-greenlet: updated to 3.4.0
3.4.0 (2026-04-08)
- Publish binary wheels for RiscV 64.
- Fix multiple rare crash paths during interpreter shutdown.
Note that this now relies on the ``atexit`` module, and introduces
subtle API changes during interpreter shutdown (for example,
``getcurrent`` is no longer available once the ``atexit`` callback fires).
- Address the results of an automated code audit performed by
Daniel Diniz. This includes several minor correctness changes that
theoretically could have been crashing bugs, but typically only in
very rare circumstances.
- Fix several race conditions that could arise in free-threaded
builds when using greenlet objects from multiple threads, some of
which could lead to assertion failures or interpreter crashes.
opensc: updated to 0.27.1
New in 0.27.1; 2026-03-31
* Bugfix release to fix up infrastructure issues.
New in 0.27.0; 2026-03-30
Security
* CVE-2025-13763: Several uses of potentially uninitialized memory detected by fuzzers
* CVE-2025-49010: Possible write beyond buffer bounds during processing of GET RESPONSE APDU
* CVE-2025-66215: Possible write beyond buffer bounds in oberthur driver
* CVE-2025-66038: Possible read beyond buffer bounds when parsing historical bytes in PIV driver
* CVE-2025-66037: Possible buffer overrun while parsing SPKI
* More low-severity data handling issues when parsing profile configuration
General improvements
* Added support for PKCS#11 3.2 in tools and pkcs11-spy and p11test
* Added support for Ed448, X448 mechanisms and improve support for
[52 lines not shown]
py-tox: updated to 4.53.0
Features - 4.53.0
TOML env_list now accepts bare range dicts ({ prefix = "3.", start = 12, stop = 14 }) and bare labeled dicts ({ ecosystem = ["oci", "python"] }) as top-level items, removing the { product = [...] } wrapper when there is only a single factor group
Bug fixes - 4.53.0
Nesting a range or labeled dict inside a product factor-group list now raises a clear error pointing at the un-nesting fix, instead of silently producing a malformed environment name
py-virtualenv: updated to 21.2.4
Bugfixes - 21.2.4
Security hardening: validate each entry of a seed wheel archive before extracting it so a tampered wheel cannot escape the app-data image directory via an absolute path or .. traversal.
Security hardening: verify the SHA-256 of every bundled seed wheel when it is loaded so a corrupted or tampered file on disk fails loud instead of being handed to pip. The hash table is generated alongside BUNDLE_SUPPORT by tasks/upgrade_wheels.py.
Security hardening: validate the distribution name and version specifier passed to pip download when acquiring a seed wheel so extras, pip flags, or shell metacharacters cannot be smuggled into the subprocess command line.
Security hardening: replace the string-prefix containment check in virtualenv.util.zipapp with Path.relative_to so the zipapp extraction helpers refuse any path that does not resolve under the archive root.
Security hardening: do not silently fall back to an unverified HTTPS context when the periodic update request to PyPI fails TLS verification. The returned metadata drives which wheel version virtualenv considers “up to date”, so accepting an unverified response lets a network-level attacker suppress security updates. Set VIRTUALENV_PERIODIC_UPDATE_INSECURE=1 to restore the previous behavior on hosts with broken trust stores.
haproxy: updated to 3.3.7
3.3.7
- BUG/MINOR: mworker: fix sort order of mworker_proc in 'show proc'
- BUG/MINOR: sock: adjust accept() error messages for ENFILE and ENOMEM
- BUG/MINOR: qpack: fix 62-bit overflow and 1-byte OOB reads in decoding
- MEDIUM: sched: do not run a same task multiple times in series
- MINOR: sched: do not requeue a tasklet into the current queue
- MINOR: sched: do not punish self-waking tasklets anymore
- MEDIUM: sched: do not punish self-waking tasklets if TASK_WOKEN_ANY
- MEDIUM: sched: change scheduler budgets to lower TL_BULK
- MINOR: mux-h2: assign a limited frames processing budget
- BUILD: sched: fix leftover of debugging test in single-run changes
- BUG/MEDIUM: acme: fix multiple resource leaks in acme_x509_req()
- BUG/MINOR: acme: leak of ext_san upon insertion error
- BUG/MINOR: acme: wrong error when checking for duplicate section
- BUG/MINOR: acme/cli: wrong argument check in 'acme renew'
- Revert "BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream"
[103 lines not shown]
jbig2enc: updated to 0.31
0.31: (2026-04-21)
* Fix undefined bit shifting behavior in jbig2arith.cc
* Free resources also when not in symbol mode
* Fix memory leak in unite_templates()
* Fix end segment page number in jbig2enc.cc
* Fix issue writing invalid jbig2 data for files that use per-page symtabs
* Add version info about leptonica and available image libs
* Add Github action for autotools (g++ and clang++) and msys2
* Add Meson build system and GHA workflows
* Add formatting rules
* Add CI release workflow
* Improve installation instructions and configure test for leptonica
* Enable wildcard globbing for MSVC built jbig2 executable